From bf0536ac9c8bf3a776c81c66335f7f7c126fd14c Mon Sep 17 00:00:00 2001
From: Lain Iwakura <lain@iwakurahome.ru>
Date: Mon, 16 Jun 2025 03:09:14 +0300
Subject: [PATCH] added admin panel (let the gates of hell open)

---
 main/admin.php | 146 +++++++++++++++++++++++++++++++++++++++++++++++++
 main/index.php |   3 +
 main/login.php |   3 +-
 3 files changed, 151 insertions(+), 1 deletion(-)
 create mode 100644 main/admin.php

diff --git a/main/admin.php b/main/admin.php
new file mode 100644
index 0000000..31b69ac
--- /dev/null
+++ b/main/admin.php
@@ -0,0 +1,146 @@
+<?php
+session_start();
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+header('Content-Security-Policy: default-src \'self\'');
+
+if (!isset($_SESSION['is_moderator']) || !$_SESSION['is_moderator']) {
+    header('Location: index.php');
+    exit;
+}
+
+$config = require 'config.php';
+$db = new PDO(
+    "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", 
+    $config['db']['user'], 
+    $config['db']['pass']
+);
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$error = '';
+$success = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if (isset($_POST['action']) && isset($_POST['username'])) {
+        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
+        
+        if ($_POST['action'] === 'ban') {
+            $stmt = $db->prepare('UPDATE users SET is_blocked = 1 WHERE username = ?');
+            $stmt->execute([$username]);
+            $success = "User $username has been banned";
+        } elseif ($_POST['action'] === 'unban') {
+            $stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
+            $stmt->execute([$username]);
+            $success = "User $username has been unbanned";
+        }
+    }
+}
+
+$stmt = $db->query('SELECT username, is_blocked, is_moderator, created_at FROM users ORDER BY created_at DESC');
+$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Text0Nly - Admin Panel</title>
+    <link rel="stylesheet" href="styles.css">
+    <style>
+        .admin-table {
+            width: 100%;
+            border-collapse: collapse;
+            margin-top: 20px;
+        }
+        .admin-table th, .admin-table td {
+            padding: 8px;
+            border: 1px solid #ddd;
+            text-align: left;
+        }
+        .admin-table th {
+            background: #f5f5f5;
+        }
+        .ban-btn {
+            background: #dc3545;
+            color: white;
+            border: none;
+            padding: 4px 8px;
+            cursor: pointer;
+            border-radius: 4px;
+        }
+        .unban-btn {
+            background: #28a745;
+            color: white;
+            border: none;
+            padding: 4px 8px;
+            cursor: pointer;
+            border-radius: 4px;
+        }
+        .status-banned {
+            color: #dc3545;
+        }
+        .status-moderator {
+            color: #28a745;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>Admin Panel</h1>
+            <div class="header-buttons">
+                <a href="index.php">Back to chat</a>
+            </div>
+        </div>
+
+        <?php if ($error): ?>
+            <div class="error"><?= htmlspecialchars($error) ?></div>
+        <?php endif; ?>
+        <?php if ($success): ?>
+            <div class="success"><?= htmlspecialchars($success) ?></div>
+        <?php endif; ?>
+
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Status</th>
+                    <th>Created</th>
+                    <th>Actions</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($users as $user): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($user['username']) ?></td>
+                        <td>
+                            <?php if ($user['is_blocked']): ?>
+                                <span class="status-banned">Banned</span>
+                            <?php elseif ($user['is_moderator']): ?>
+                                <span class="status-moderator">Moderator</span>
+                            <?php else: ?>
+                                Active
+                            <?php endif; ?>
+                        </td>
+                        <td><?= $user['created_at'] ?></td>
+                        <td>
+                            <?php if (!$user['is_moderator']): ?>
+                                <form method="post" style="display:inline">
+                                    <input type="hidden" name="username" value="<?= htmlspecialchars($user['username']) ?>">
+                                    <?php if ($user['is_blocked']): ?>
+                                        <input type="hidden" name="action" value="unban">
+                                        <button type="submit" class="unban-btn">Unban</button>
+                                    <?php else: ?>
+                                        <input type="hidden" name="action" value="ban">
+                                        <button type="submit" class="ban-btn">Ban</button>
+                                    <?php endif; ?>
+                                </form>
+                            <?php endif; ?>
+                        </td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+    </div>
+</body>
+</html> 
\ No newline at end of file
diff --git a/main/index.php b/main/index.php
index 0da0eae..8515adf 100644
--- a/main/index.php
+++ b/main/index.php
@@ -84,6 +84,9 @@ try {
                 <a href="https://git.sr.ht/~iwakuralain/text0Nly" target="_blank" class="source-btn">Source code</a>
                 <?php if (isset($_SESSION['username'])): ?>
                     <span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span>
+                    <?php if (!empty($_SESSION['is_moderator'])): ?>
+                        <a href="admin.php">Admin Panel</a>
+                    <?php endif; ?>
                     <a href="?logout=1">Logout</a>
                 <?php else: ?>
                     <a href="login.php">Login</a>
diff --git a/main/login.php b/main/login.php
index 52e32c7..5a9835e 100644
--- a/main/login.php
+++ b/main/login.php
@@ -31,7 +31,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
     if ($username && $password) {
         try {
-            $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
+            $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt, is_moderator FROM users WHERE username = ?');
             $stmt->execute([$username]);
             $user = $stmt->fetch(PDO::FETCH_ASSOC);
 
@@ -45,6 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     $stmt->execute([$user['id']]);
                     $_SESSION['user_id'] = $user['id'];
                     $_SESSION['username'] = $username;
+                    $_SESSION['is_moderator'] = $user['is_moderator'];
                     header('Location: index.php');
                     exit;
                 } else {